Tagged Questions

PGP is short for "Pretty Good Privacy". It is a data encryption and decryption computer program that provides cryptographic privacy and authentication for data communication. PGP is often used for signing, encrypting and decrypting texts, E-mails, files, directories and whole disk partitions to ...

I've created a new GPG key to sign a software package in a source repository with an expiration date three years from now. It seemed like a good security measure because if the key is compromised or ...

Looking into the details of Pretty Good Privacy, I'm confused as to the reasoning behind encrypting the message with a session key and the key with the recipient's public key via RSA. I fail to see ...

I'm trying to a cascading cipher encryption algorithm to encrypt a textfile via mcrypt. I'm essentially trying to emulate the behavior of TrueCrypt, where it can cascade two or three different cipher ...

I've just started to use GPG and created a public key. It is kind of pointless if no-one knows about it. How should I distribute it? Should I post it on my profile on Facebook and LinkedIn? How about ...

Do GPG/PGP keyservers "garbage collect" old keys which have expired, been revoked, or simply haven't been updated in a decade? Or does the server (theoretically) keep every key it has ever seen from ...

Axolotl Ratchet is used by Textsecure and is an enhanced version of OTR in a way to make it suitable for mobile applications, which has the probability to encrypt messages without both parties to have ...

Someone mentioned here that asymmetric encryption might not be appropriate for bulk data and gave an example of RSA with 100 bytes. Of course, I understand that it was a rough example. But it made me ...

I was wondering how PGP works with a CC. In my understanding, if I send an e-mail to foo@example.com and use baz@example.org in the CC, Enigmail would have to encrypt the e-mail once for every user ...

Let's say hypothetically I am writing a web application targeting technically inclined, security-conscious users who have no problems generating and using GPG or SSH keys.
Is it possible to use said ...

Let's say I have daily files that need to be encrypted using PGP (and then emailed) and I want to automate this task. I would be using Windows PowerShell to manipulate the files (examine date/times ...

Can a .sh file be a virus or something harmful? Is it like .exe files on Windows? If yes can someone read this script and tell me if it safe and is it effect any how on gpg security. It gives me an ...

Does an encrypted message contain any information about whom it is encrypted to, or at least to how many recipients? And if so, is it at least only obtainable for other recipients or for just anybody?
...

If I want to have some privacy and avoid the attention of publishing my email address to the public key server web of trust, yet have a secure two-way email conversation with one recipient, what are ...

I want to know technical details about how public PGP keyservers synchronize the keys.
If I send my key to one keyserver, how exactly does it "travel" to all the other ones? Who sends it to who and ...

One thing that I found out when starting using PGP:
When I uploaded my keys to the SKS keyserver, the keyserver did not take any action to verify that I am who I claim to be.
Since a PGP key contains ...

I would like to create a new GPG key. Going through a couple of thread it seems like the most popular scheme for maximum security is to have an offsite master (sign-only) key which provides a shell ...

Is anyone storing the PGP encryption key in a Hardware Security Module (HSM)? Company policy mandates this, so I need to store the private key to decrypt pgp file in HSM. But as much i know PGP uses ...

When you retrieve someone's information from a keyserver to add him to your pgp keyring, that is made through unencrypted keyservers, unless the user uploaded it to https://keyserver.pgp.com/. Even ...